(57) Abstract

In one apparatus, a group of plain text and obfuscated cells (106) of
programming instructions is provided to implement a descrambler that
descrambles scrambled content to generate descrambled content. In
another apparatus, a group of plain text and obfuscated cells of
programming instructions is provided to implement an authenticator
that provides appropriate authentication challenges to a scrambled
content provider, and generates appropriate authentication responses
to authentication challenges from the scrambled content provider. In
yet another apparatus, a group of plain text and obfuscated cells of
programming instructions is provided to implement an integrity
verifier that performs integrity verification on a decoder. In yet
another apparatus, a group of plain text and obfuscated cells of
programming instructions is provided to implement a secrets holder
that holds a number of secrets associated with playing scrambled
contents.

A Tamper Resistant Player For Scrambled Contents

RELATED APPLICATIONS 

This application is a continuation-in-part application to 
U.S. Patent Application, number 08/662,679, filed on June 13, 1996, 
entitled Tamper Resistant Methods and Apparatus, and to U.S. 
Patent Application, number <to be assigned>, filed on August 6, 
1997, entitled Cell Array Providing Non-Persistent Secret Storage 
Through A Mutation Cycle (Express Mail No. EM531554811US). 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates to the field of system 
security. More specifically, the present invention relates to a tamper 
resistant player for scrambled contents. 

2. Background Information 

Content management, such as management of
scrambled DVD contents, requires the basic integrity of the
management operations to be assumed, or at least verified. While a
number of security approaches such as encryption and decryption
techniques are known in the art, unfortunately, the security
approaches can be readily compromised, because these
applications and the security approaches are implemented on
systems with an open and accessible architecture, that renders both
hardware and software including the security approaches
observable and modifiable by a malevolent user or a malicious
program.

Thus, a system based on open and accessible 
architecture is a fundamentally insecure platform, notwithstanding 
the employment of security measures. However, openness and 
accessibility offer a number of advantages, contributing to these 
systems' successes. Therefore, what is required are techniques that 
will render the operations of a scrambled content player, such as a 
DVD player, virtually unobservable or unmodifiable on these 
fundamentally insecure platforms, notwithstanding their openness 
and accessibility.

SUMMARY OF THE INVENTION

In one apparatus, a group of plain text and obfuscated 
cells of programming instructions is provided to implement a 
descrambler that descrambles scrambled content to generate 
descrambled content. 

In another apparatus, a group of plain text and 
obfuscated cells of programming instructions is provided to 
implement an authenticator that provides appropriate authentication 
challenges to a scrambled content provider, and generates 
appropriate authentication responses to authentication challenges 
from the scrambled content provider.

In yet another apparatus, a group of plain text and
obfuscated cells of programming instructions is provided to 
implement an integrity verifier that performs integrity verification on a 
decoder. 

In yet another apparatus, a group of plain text and 
obfuscated cells of programming instructions is provided to 
implement a secrets holder that holds a number of secrets 
associated with playing scrambled contents. In one embodiment, the 
secrets include secrets used in a mutual authentication process, and 
the secrets used for descrambling the scrambled content. 

BRIEF DESCRIPTION OF DRAWINGS 

The present invention will be described by way of 
embodiments, but not limitations, illustrated in the accompanying 
drawings in which like references denote similar elements, and in 
which: 

Figure 1 is a block diagram illustrating an overview of 
an exemplary tamper resistant module incorporated with various 
teachings of the present invention; 

Figures 2 - 3 are two flow charts illustrating one
embodiment each of the operational flows, at start-up time and
during runtime, of an integrity verification method of the present
invention;

Figure 4 is a flow chart illustrating one embodiment of
the operational flow of an intruder detection method of the present 
invention; 

Figures 5 - 6 are two flow charts illustrating one 
embodiment each of the operational flows of two observation 
detection methods of the present invention; 

Figure 7 is a block diagram illustrating one 
embodiment of a coupling technique of the present invention for 
inter-coupling various tamper resistant methods; 

Figure 8 is a block diagram illustrating one 
embodiment of a tamper resistant player for scrambled contents, 
incorporated with the teachings of the present invention; and 

Figure 9 is a block diagram illustrating one 
embodiment of a computer system suitable for practicing the present 
invention. 

DETAILED DESCRIPTION OF THE INVENTION 

In the following description, various aspects of the
present invention will be described. However, it will be apparent to
those skilled in the art that the present invention may be practiced with
only some or all aspects of the present invention. For purposes of
explanation, specific numbers, materials and configurations are set
forth in order to provide a thorough understanding of the present
invention. However, it will also be apparent to one skilled in the art
that the present invention may be practiced without the specific
details. In other instances, well known features are omitted or
simplified in order not to obscure the present invention.

Parts of the description will be presented in terms of
operations performed by a computer system, using terms such as 
data, flags, bits, values, characters, strings, numbers and the like, 
consistent with the manner commonly employed by those skilled in 
the art to convey the substance of their work to others skilled in the art. 
As well understood by those skilled in the art, these quantities take the 
form of electrical, magnetic, or optical signals capable of being stored, 
transferred, combined, and otherwise manipulated through 
mechanical and electrical components of the computer system; and 
the term computer system includes general purpose as well as special
purpose data processing machines, systems, and the like, that are 
standalone, adjunct or embedded. 

Various operations will be described as multiple discrete
steps in turn in a manner that is most helpful in understanding the
present invention; however, the order of description should not be
construed as to imply that these operations are necessarily order
dependent, in particular, the order of presentation.

Referring now to Figure 1, wherein a block diagram
illustrating one embodiment of an exemplary tamper resistant
module incorporated with the various teachings of the present
invention is shown. As illustrated, exemplary tamper resistant
module 100 includes non-tamper resistant portion 102, and tamper
resistant portion 104. For the illustrated embodiment, the two
portions are linked together to form a single executable module. For
the purpose of this application, the term module is used in a general
sense to mean a structural relationship between the various portions
that facilitates exclusive communications between the portions.

As described in the parent application, number 
08/662,679, non-tamper resistant portion 102 includes a number of 
plain text programming instructions implementing various non- 
sensitive services of exemplary tamper resistant module 100, 
whereas tamper resistant portion 104 includes various groups of 
plain text and obfuscated cells 106 of programming instructions 
implementing various sensitive services of exemplary tamper 
resistant module 100. Each group of cells that implements a 
sensitive service or a collection of sensitive services includes at least 
one plain text cell 106. Briefly, the secrets associated with the 
services are distributed in time and space, and obfuscated. The 
number of obfuscated cells employed to obfuscate a service is 
service or sensitivity dependent. Generally, the larger the number of
obfuscated cells employed, the more difficult it will be for the
obfuscation to be "decoded". For a more detailed description, see
parent application, number 08/662,679. 

Additionally, in accordance with the present invention,
selected groups of plain text and obfuscated cells 106 incorporate a
number of tamper resistant measures to verify during operation that
exemplary tamper resistant module 100 has not been intruded upon and
is not being observed. The number of groups employing these tamper
resistant measures, as well as the frequencies and the number of
tamper resistant measures employed are also service or sensitivity
dependent. As will be described in more detail below, these tamper
resistant measures include a number of integrity verification
measures and a number of anti-observation measures. The integrity
verification measures include a first integrity verification measure
that verifies the integrity of non-tamper resistant portion 102 during
run time as well as start-up time, and a second integrity verification
measure that verifies an invocation of a group of plain text and
obfuscated cells is not originated from an intruder. The
anti-observation measures include a first anti-observation measure that
verifies the processor executing module 100 is not operating in a
mode that supports single step execution, and a second
anti-observation measure that verifies elapsed execution times are
consistent with normal unobserved execution.

Figures 2 - 3 illustrate one embodiment of the 
operational flow of the first integrity verification measure. Figure 2 
illustrates the operational flow at start-up time, whereas Figure 3 
illustrates the operational flow during run time. As shown in Figure 2,
at start-up time, for the illustrated embodiment, a group of cells 
(GOC) incorporated with this first integrity verification measure scans 
non-tamper resistant portion 102 and calculates a signature for non- 
tamper resistant portion 102, block 108. Next, for the illustrated 
embodiment, the GOC retrieves a signature pre-stored for non- 
tamper resistant portion 102, block 110. The GOC then compares 
the two signatures to verify the generated signature, blocks 112 - 
114. If the generated signature is successfully verified, meaning that 
non-tamper resistant portion 102 has not been modified, the GOC 
allows the start-up process to continue, without skipping any
verification dependent operations, block 116; otherwise, the GOC
causes the start-up process to continue, skipping the verification
dependent operations, block 118. An example of verification 
dependent operations is operations associated with setting up the 
secrets required for delivering certain sensitive services. 

As shown in Figure 3, at a verification check time 
during run time, for the illustrated embodiment, a GOC incorporated 
with this first integrity verification measure scans a next portion of 
non-tamper resistant portion 102 and incrementally calculates a 
signature for non-tamper resistant portion 102, block 120. The GOC 
then updates the signature being incrementally calculated, block 
122. Next, the GOC checks if the end of non-tamper resistant 
portion 102 has been reached, block 124. If the end has not been 
reached, the process terminates, otherwise the process continues at 
block 126. 

At block 126, the GOC retrieves a signature pre-stored
for non-tamper resistant portion 102. The GOC then
compares the two signatures to verify the generated signature,
blocks 128 - 130. If the generated signature is successfully
verified, meaning that non-tamper resistant portion 102 has not
been modified, the GOC allows execution of module 100 to
continue; otherwise, the GOC causes execution of module 100 to
terminate, block 132. Causing the module to terminate may be
achieved in any number of ways known in the art. Depending on the
application, it may be preferable to cause the module to fail further
downstream from the point the non-tamper resistant portion's
integrity failed verification.

In other words, the run time integrity check is performed
incrementally over a number of verification check times during an 
execution run. Those skilled in the art will appreciate the 
incremental approach is particularly useful for performance sensitive 
services. The number of verification check times employed for an 
execution run is service or sensitivity dependent. 
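
The start-up check of Figure 2 and the incremental run time check of Figure 3, as an added C sketch that is not code from the patent. The description does not name a signature algorithm, so 64-bit FNV-1a stands in for it; the `verifier` structure, the 16-byte chunk size and the 64-byte image are constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in signature: 64-bit FNV-1a (an assumption; not cryptographic). */
#define FNV_OFFSET 0xcbf29ce484222325ULL
#define FNV_PRIME  0x100000001b3ULL

typedef enum { CHECK_PENDING, CHECK_PASSED, CHECK_FAILED } check_result;

typedef struct {
    const uint8_t *base;  /* region standing in for non-tamper resistant portion 102 */
    size_t len;
    size_t chunk;         /* bytes scanned per verification check time */
    size_t pos;           /* next byte to scan in the current pass */
    uint64_t running;     /* signature accumulated so far in this pass */
    uint64_t expected;    /* pre-stored signature */
} verifier;

static uint64_t sig_update(uint64_t h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= FNV_PRIME; }
    return h;
}

/* Figure 2: scan the whole region once and compare with the pre-stored value. */
static bool startup_verify(const uint8_t *base, size_t len, uint64_t expected) {
    return sig_update(FNV_OFFSET, base, len) == expected;
}

static void verifier_init(verifier *v, const uint8_t *base, size_t len,
                          size_t chunk, uint64_t expected) {
    v->base = base; v->len = len;
    v->chunk = chunk ? chunk : len;   /* a zero chunk would never reach the end */
    v->pos = 0; v->running = FNV_OFFSET; v->expected = expected;
}

/* Figure 3: one verification check time. */
static check_result runtime_check(verifier *v) {
    size_t left = v->len - v->pos;
    size_t n = left < v->chunk ? left : v->chunk;
    v->running = sig_update(v->running, v->base + v->pos, n);  /* blocks 120 - 122 */
    v->pos += n;
    if (v->pos < v->len) return CHECK_PENDING;                 /* block 124 */
    bool ok = (v->running == v->expected);                     /* blocks 126 - 130 */
    v->pos = 0; v->running = FNV_OFFSET;                       /* begin the next pass */
    return ok ? CHECK_PASSED : CHECK_FAILED;                   /* FAILED: block 132 */
}

/* Fill the constructed image with a fixed pattern. */
static void fill_image(uint8_t *image, size_t len) {
    for (size_t i = 0; i < len; i++) image[i] = (uint8_t)(i * 7 + 3);
}

/* Constructed 64-byte image, scanned 16 bytes per check (4 checks per pass).
 * One byte at `offset` is flipped after `patch_after` checks have run
 * (patch_after < 0: never). Returns the 1-based check that reports failure,
 * or 0 if three full passes complete without one. */
static int first_failing_check(int patch_after, size_t offset) {
    uint8_t image[64];
    fill_image(image, sizeof image);
    uint64_t expected = sig_update(FNV_OFFSET, image, sizeof image);

    verifier v;
    verifier_init(&v, image, sizeof image, 16, expected);
    for (int c = 1; c <= 12; c++) {
        if (patch_after == c - 1) image[offset % sizeof image] ^= 0xFF;
        if (runtime_check(&v) == CHECK_FAILED) return c;
    }
    return 0;
}

/* Start-up check on the same constructed image, optionally patched first. */
static bool startup_passes(bool patched) {
    uint8_t image[64];
    fill_image(image, sizeof image);
    uint64_t expected = sig_update(FNV_OFFSET, image, sizeof image);
    if (patched) image[5] ^= 0xFF;
    return startup_verify(image, sizeof image, expected);
}

int main(void) {
    printf("no patch: %d\n", first_failing_check(-1, 0));
    printf("not yet scanned byte patched: %d\n", first_failing_check(1, 40));
    printf("already scanned byte patched: %d\n", first_failing_check(1, 5));
    printf("start-up check on patched image: %d\n", startup_passes(true));
    return 0;
}
```

A change to a region already scanned in the current pass is reported only when the following pass completes, so the number of verification check times per pass bounds how long a modification can go unreported.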

Figure 4 illustrates one embodiment of the operational 
flow of the second integrity verification measure. At invocation time, 
for the illustrated embodiment, a GOC incorporated with this second 
integrity verification measure retrieves a return address for the 
invocation, block 134. For the illustrated embodiment, the GOC 
determines if the return address is within the address space of 
module 100, block 136. If the return address is within the address 
space of module 100, meaning that the invocation did not originate 
from an intruder, the GOC allows execution of module 100 to 
continue, block 138, otherwise, the GOC causes execution of 
module 100 to terminate, block 140. Similarly, causing the module to
terminate may be achieved in any number of ways known in the art.
Depending on the application, it may be preferable to cause the 
module to fail further downstream from the point the intrusion is 
detected. 

Figure 5 illustrates one embodiment of the operational
flow of the first anti-observation measure. At a pre-selected point in
time during an execution run, for the illustrated embodiment, a GOC
incorporated with this first anti-observation measure retrieves a
processor execution mode state variable, block 142. For the
illustrated embodiment, the GOC determines if the state variable 
denotes an execution mode that supports single step execution, e.g. 
a debug mode, block 144. If the state variable denotes an execution 
mode that does not support single step execution, meaning that 
execution of module 100 is not being observed, the GOC allows 
execution of module 100 to continue, block 146, otherwise, the 
GOC causes execution of module 100 to terminate, block 148. 
Similarly, causing the module to terminate may be achieved in any
number of ways known in the art. Depending on the application, it 
may be preferable to cause the module to fail further downstream 
from the point observation is detected. The number of times as well 
as the precise points in time during an execution run where the 
processor's execution mode is checked is service or sensitivity 
dependent. 

Figure 6 illustrates one embodiment of the operational
flow of the second anti-observation measure. At a pre-selected point
in time during an execution run, for the illustrated embodiment, a
GOC incorporated with this second anti-observation measure
retrieves a timer value from the processor executing module 100,
and records the retrieved timer value (timestamp), block 150. The
GOC then continues to perform the normal services it is designed to
provide, block 152. At a pre-selected later point in time, the GOC
checks an amount of elapsed execution time since the last
timestamp to determine if the amount of elapsed execution time has
exceeded a predetermined threshold, blocks 154 - 156. If the
elapsed execution time does not exceed the predetermined
threshold, meaning that execution of module 100 is not being
observed (e.g. by setting breakpoints), the GOC allows execution of
module 100 to continue, block 158, otherwise, the GOC causes
execution of module 100 to terminate, block 160. Similarly, causing
the module to terminate may be achieved in any number of ways known
in the art. Depending on the application, it may be preferable to 
cause the module to fail further downstream from the point 
observation is detected. The number of times as well as the precise 
points in time during an execution run where the amount of elapsed 
execution time since a last timestamp is checked is service or 
sensitivity dependent. 

Figure 7 illustrates one embodiment of a coupling
technique for inter-coupling tamper resistant measures. As
illustrated, the different tamper resistant measures are inter-coupled
by having the measures share a common storage location, e.g. in
memory, for key values associated with the various tamper resistant
measures. For the illustrated embodiment, a GOC stores a key for
retrieving secrets in portion 162 of storage location 168, and a
timestamp for determining whether execution of module 100 is
being observed in storage location 168 less portion 162. In
determining elapsed execution time, the GOC only employs the bits
higher than portion 162. Additionally, the GOC uses lower order bits
164 as a seed to generate the pseudo random numbers employed
in an authentication process. Thus, if an intruder attempts to modify
the timestamp to defeat the elapsed execution time check measure, it
will cause the authentication process as well as any attempt to
retrieve secrets to fail. Similarly, if an intruder attempts to modify the
seed for generating pseudo random numbers to defeat the
authentication process, it will cause the elapsed execution time
check as well as any attempt to retrieve secrets to fail.
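
The elapsed-time check of Figure 6 combined with the shared storage location of Figure 7, as an added C sketch that is not code from the patent. The bit widths, the xorshift generator, the stand-in provider response and the XOR-masked secret are assumptions, as is reading lower order bits 164 as spanning portion 162 plus the low timestamp bits; timer values are passed in as constructed numbers so the result is deterministic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed widths; the description gives none. */
#define KEY_BITS  16u  /* portion 162: key for retrieving secrets */
#define SEED_BITS 32u  /* bits 164: seed, assumed to cover portion 162 and low timestamp bits */
#define KEY_MASK  ((1ULL << KEY_BITS) - 1)
#define SEED_MASK ((1ULL << SEED_BITS) - 1)
#define TS_MASK   ((1ULL << (64 - KEY_BITS)) - 1)

#define OK_TIME   1u   /* elapsed execution time check passed */
#define OK_AUTH   2u   /* authentication exchange verified */
#define OK_SECRET 4u   /* secret retrieved correctly */

enum tamper { NONE, REWRITE_TIMESTAMP, REWRITE_SEED };

static uint64_t loc168;                 /* storage location 168 */
static const uint16_t SECRET = 0x5A17;  /* constructed sample secret */
static uint16_t masked_secret;          /* secret as held, masked with the key */

static void store_key(uint16_t key) { loc168 = (loc168 & ~KEY_MASK) | key; }
static void store_timestamp(uint64_t t) {
    loc168 = (loc168 & KEY_MASK) | ((t & TS_MASK) << KEY_BITS);
}

/* Blocks 154 - 156: only the bits above portion 162 are used. A timestamp
 * lying in the future is treated as a failure as well. */
static bool elapsed_ok(uint64_t now, uint64_t threshold) {
    uint64_t then = loc168 >> KEY_BITS;
    now &= TS_MASK;
    return now >= then && now - then <= threshold;
}

static uint32_t xorshift32(uint32_t x) {       /* stand-in PRNG */
    if (x == 0) x = 0x9E3779B9u;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return x;
}

/* Challenge derived from the seed bits of the shared location. */
static uint32_t challenge_from_seed(void) {
    return xorshift32((uint32_t)(loc168 & SEED_MASK));
}

/* Hypothetical provider-side transform of a challenge. */
static uint32_t provider_response(uint32_t challenge) { return ~challenge; }

static uint16_t retrieve_secret(void) {
    return (uint16_t)(masked_secret ^ (uint16_t)(loc168 & KEY_MASK));
}

/* Runs one session: timestamp taken at tick 1000, checks made at `now`
 * with a threshold of 100 ticks. Returns the set of checks that passed. */
static unsigned run_scenario(enum tamper t, uint64_t now) {
    const uint16_t key = 0xBEEF;               /* constructed key */
    loc168 = 0;
    store_key(key);
    store_timestamp(1000);
    masked_secret = (uint16_t)(SECRET ^ key);
    uint32_t reply = provider_response(challenge_from_seed());

    /* Modifications described in the text, applied between timestamp and check. */
    if (t == REWRITE_TIMESTAMP) store_timestamp(now - 10);
    if (t == REWRITE_SEED) loc168 = (loc168 & ~SEED_MASK) | 0x00000001u;

    unsigned passed = 0;
    if (elapsed_ok(now, 100)) passed |= OK_TIME;
    /* The outstanding challenge is regenerated from the seed to verify the reply. */
    if (reply == provider_response(challenge_from_seed())) passed |= OK_AUTH;
    if (retrieve_secret() == SECRET) passed |= OK_SECRET;
    return passed;
}

int main(void) {
    printf("normal run:          %u\n", run_scenario(NONE, 1040));
    printf("paused run:          %u\n", run_scenario(NONE, 5000));
    printf("timestamp rewritten: %u\n", run_scenario(REWRITE_TIMESTAMP, 5000));
    printf("seed rewritten:      %u\n", run_scenario(REWRITE_SEED, 1040));
    return 0;
}
```

With this layout a rewritten timestamp passes the time check but invalidates the outstanding challenge, and a rewritten seed disturbs both the key and the timestamp.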

Figure 8 illustrates one embodiment of a tamper 
resistant player for scrambled content applying the tamper resistant 
teachings of the present invention. As shown, for the illustrated 
embodiment, tamper resistant player 170 includes non-tamper 
resistant components 171 and tamper resistant decoder 172. Non- 
tamper resistant components 171 are intended to represent a broad 
category of general service components, such as end user 
interfaces. These general service components may provide any one
of a variety of services, implemented using any one of a
variety of techniques known in the art. Tamper resistant
decoder 172 receives scrambled compressed content, and in 
response, descrambles as well as decompresses the content to 
output appropriate signals to render the content, e.g. YUV video and 
AC3 audio. 

Tamper resistant decoder 172 includes non-tamper 
resistant portion 175, tamper resistant portion 174, 176, 178 and 
180, and signature 173 for non-tamper resistant portion 175. Non- 
tamper resistant portion 175 is constituted with plain text 
programming instructions, whereas tamper resistant portion 174, 
176, 178 and 180 is constituted with multiple groups of plain text 
and obfuscated cells of programming instructions. Non-tamper 
resistant portion 175 and tamper resistant portion 174, 176, 178
and 180, including signature 173, are structurally related to facilitate
exclusive communication between the portions. For the illustrated
embodiment, the two portions are linked together as a single 
executable module. 

Non-tamper resistant portion 175 selectively invokes 
the services of integrated tamper resistant portion 174, 176, 178 
and 180 to effectuate descrambling of the scrambled content, 
including causing player 170 and a scrambled content provider 
device to be mutually authenticated with one another. Non-tamper
resistant portion 175 decompresses the unscrambled compressed 
content to generate the above described output signals. Signature 
173 is pre-stored in a predetermined location to facilitate start-up 
time and run time integrity verification as described earlier. 

For the illustrated embodiment, tamper resistant
services of tamper resistant decoder 172 include tamper resistant
descrambler 174 for receiving scrambled content, and in response,
descrambling the scrambled content to generate the descrambled
content for non-tamper resistant portion of decoder 172. In one
embodiment, tamper resistant descrambler 174 employs secret keys
retrieved from tamper resistant secrets holder 180 to descramble the
scrambled content. The number of secret keys employed, and the
nature of the keys are application dependent, and they are not
essential to the understanding of the present invention. Tamper
resistant descrambler 174 is constituted with a group of plain text
and obfuscated cells of programming instructions. In one
embodiment, the core descrambling service is disposed in a plain
text cell to provide enhanced performance. In one embodiment, the
GOC is equipped with the above described intruder detection
integrity verification measure and the single step execution mode
detection anti-observation measure. In one embodiment, the GOC is
also equipped with the elapsed execution time detection
anti-observation measure. In one embodiment, the GOC is equipped
with multiple ones of the elapsed execution time detection
anti-observation measures. In one embodiment, the elapsed execution
time detection anti-observation measure is also inter-coupled with 
the process for retrieving the secret keys associated with 
descrambling scrambled content, and the authentication process for 
mutually authenticating player 170 and a scrambled content 
provider device. 

For the illustrated embodiment, tamper resistant
services of tamper resistant decoder 172 also include tamper
resistant authenticator 176 for authenticating tamper resistant player
170 to a scrambled content provider device and to authenticate the
scrambled content provider device to tamper resistant player 170. In
one embodiment, tamper resistant authenticator 176 employs secret
keys retrieved from tamper resistant secrets holder 180 to conduct
the authentication process. The number of secret keys employed,
and the nature of the keys are application dependent, and they are
not essential to the understanding of the present invention. In one
embodiment, tamper resistant authenticator 176 is constituted with a
group of plain text and obfuscated cells of programming instructions.
In one embodiment, the GOC is equipped with the above described
intruder detection integrity verification measure, and the single step
execution mode detection anti-observation measure. In one
embodiment, the GOC is also equipped with the elapsed execution
time detection anti-observation measure. In one embodiment, the 
GOC is equipped with multiple ones of the elapsed execution time 
detection anti-observation measures. In one embodiment, the 
elapsed execution time detection anti-observation measure is also 
inter-coupled with the process for retrieving the secret keys 
associated with descrambling scrambled content, and the 
authentication process for mutually authenticating player 170 and a 
scrambled content provider device. 

For the illustrated embodiment, tamper resistant
services of tamper resistant decoder 172 also include tamper
resistant integrity verifier 178 for integrity verifying non-tamper 
resistant portion of decoder 172 at start-up time, and during run time. 
In one embodiment, tamper resistant integrity verifier 178 provides 
secret keys to be employed for mutually authenticating player 170 
and a scrambled content provider device to secrets holder 180. The 
number of secret keys employed, and the nature of the keys are 
application dependent, and they are not essential to the 
understanding of the present invention. In one embodiment, tamper 
resistant integrity verifier 178 is constituted with a group of plain text 
and obfuscated cells of programming instructions. In one 
embodiment, the GOC is equipped with the single step execution 
mode detection anti-observation measure. In one embodiment, the 
GOC is also equipped with the elapsed execution time detection 
anti-observation measure. In one embodiment, the GOC is equipped 
with multiple ones of the elapsed execution time detection anti- 
observation measures. In one embodiment, the elapsed execution
time detection anti-observation measure is also inter-coupled with
the authentication process for retrieving the secret keys associated 
with descrambling scrambled content, and the authentication 
process for mutually authenticating player 170 and a scrambled 
content provider device. 

Lastly, as alluded to, for the illustrated embodiment,
tamper resistant services of tamper resistant decoder 172 include
tamper resistant secrets holder 180 for storing secrets associated 
with descrambling scrambled content. Secrets holder 180 also 
stores secrets associated with an authentication process for 
authenticating tamper resistant player 170 to a scrambled content 
provider device and to authenticate the scrambled content provider 
device to tamper resistant player 170. In one embodiment, tamper 
resistant secrets holder 180 is constituted with a group of plain text 
and obfuscated cells of programming instructions in a cell array form 
as described in parent application, number <to be assigned> 
(Express mail number EM531554811US). In one embodiment, the 
GOC is equipped with the above described intruder detection 
integrity verification measure, and the single step execution mode 
detection anti-observation measure. In one embodiment, the GOC is 
also equipped with the elapsed execution time detection anti- 
observation measure. In one embodiment, the GOC is equipped 
with multiple ones of the elapsed execution time detection anti- 
observation measures. 

Thus, even if player 170 receives its content inputs
through an "open" bus, the content is nevertheless protected, as the
content will be provided to player 170 over the "open" bus in
scrambled form. Furthermore, the secrets associated with
descrambling the scrambled content, as well as the programming
instructions performing the descrambling are protected from intrusion
as well as from observation. Yet, performance sensitive operations,
such as the core descrambling service, are not burdened. Lastly,
the tamper resistant services, i.e. descrambler 174, authenticator 
176 etc. are highly portable, and may be linked up with any number 
of decoder implementations. 

Figure 9 illustrates one embodiment of a computer 
system suitable for practicing the present invention. As shown, for 
the illustrated embodiment, computer system 200 includes 
processor 202, processor bus 206, high performance I/O bus 210 
and standard I/O bus 220. Processor bus 206 and high 
performance I/O bus 210 are bridged by host bridge 208, whereas 
I/O buses 210 and 212 are bridged by I/O bus bridge 212. Coupled 
to processor bus 206 is cache 204. Coupled to high performance 
I/O bus 210 are system memory 214 and video memory 216, to 
which video display 218 is coupled. Coupled to standard I/O bus 
220 are disk drive 222, keyboard and pointing device 224 and 
DVD-ROM 226. 

These elements perform their conventional functions
known in the art. In particular, disk drive 222 and system memory
214 are used to store a permanent and a working copy of the tamper
resistant application of the present invention, when executed by
processor 202. The permanent copy may be pre-loaded into disk
drive 222 in the factory, loaded from a distribution medium (not shown),
or downloaded from an on-line/networked distribution source (not
shown). The constitutions of these elements are known. Any one of 
a number of implementations of these elements known in the art may 
be used to form computer system 200. 

Of course, computer systems of alternate constitutions, 
including computer systems of alternate architectures may also be 
employed to practice the present invention. 

In general, while the present invention has been
described in terms of the above illustrated embodiments, those 
skilled in the art will recognize that the invention is not limited to the 
embodiments described. The present invention can be practiced 
with modification and alteration within the spirit and scope of the 
appended claims. The description is thus to be regarded as 
illustrative instead of restrictive on the present invention. 

Thus, a tamper resistant player for scrambled contents 
has been described.

CLAIMS

What is claimed is: 

1. An apparatus comprising:

a storage medium having stored therein a first group of plain
text and obfuscated cells of programming instructions designed to
implement a descrambler that descrambles scrambled content to
generate descrambled content; and
an execution unit coupled to the storage medium for executing
the programming instructions.

2. The apparatus as set forth in claim 1, wherein the first group of
plain text and obfuscated cells of programming instructions include
an obfuscated cell of programming instructions designed to
implement a frequently invoked descrambling subfunction of the
descrambler.

3. The apparatus as set forth in claim 1, wherein the first group of
plain text and obfuscated cells of programming instructions is 
equipped to verify that an invocation of the descrambler is not 
originated from an intruder, and/or execution of the first group of 
plain text and obfuscated cells of programming instructions is not 
being observed. 

4. The apparatus as set forth in claim 1, wherein the storage
medium further having stored therein a second group of plain text
and obfuscated cells of programming instructions designed to
implement an authenticator that provides appropriate authentication
challenges to a scrambled content provider device, and generates 
appropriate authentication responses to authentication challenges 
from the scrambled content provider device. 

5. The apparatus as set forth in claim 4, wherein the second 
group of plain text and obfuscated cells of programming instructions 
is equipped to verify that execution of the second group of plain text 
and obfuscated cells of programming instructions is not being 
observed. 

6. The apparatus as set forth in claim 1, wherein the storage
medium further having stored therein a second group of plain text 
and obfuscated cells of programming instructions designed to 
implement a secrets holder that holds a plurality of secrets 
associated with playing the scrambled contents. 

7. The apparatus as set forth in claim 6, wherein the second 
group of plain text and obfuscated cells of programming instructions 
is equipped to verify that execution of the second group of plain text 
and obfuscated cells of programming instructions is not being 
observed. 

8. The apparatus as set forth in claim 1, wherein the storage 
medium further having stored therein a plurality of plain text 
programming instructions designed to decode the descrambled 
content, the plurality of plain text programming instructions having a 
structural relationship with the descrambler that facilitates exclusive 
communication of the descrambled content from the descrambler. 

9. The apparatus as set forth in claim 8, wherein the storage 
medium further having stored therein a second group of plain text 
and obfuscated cells of programming instructions designed to 
implement an integrity verifier that performs integrity verification on 
the plurality of plain text programming instructions. 

10. The apparatus as set forth in claim 9, wherein the integrity 
verifier is designed to perform the integrity verification on the plurality 
of plain text programming instructions at start-up time, and/or 
incrementally at run time. 

11. The apparatus as set forth in claim 9, wherein the second 
group of plain text and obfuscated cells of programming instructions 
is equipped to verify that execution of the second group of plain text 
and obfuscated cells of programming instructions is not being 
observed. 

12. An apparatus comprising: 

a storage medium having stored therein a plurality of plain text 
programming instructions designed to decode descrambled content, 
and a first group of plain text and obfuscated cells of programming 
instructions designed to implement an integrity verifier that performs 
integrity verification on the plurality of plain text programming 
instructions; and 

an execution unit coupled to the storage medium for executing 
the programming instructions. 

13. The apparatus as set forth in claim 12, wherein the integrity 
verifier is designed to perform the integrity verification on the plain 
text programming instructions at start-up time, and/or incrementally at 
run time. 

14. The apparatus as set forth in claim 12, wherein the storage 
medium further having stored therein a second group of plain text 
and obfuscated cells of programming instructions designed to 
implement an authenticator that provides appropriate authentication 
challenges to a scrambled content provider device, and generates 
appropriate authentication responses to authentication challenges 
from the scrambled content provider device. 

15. The apparatus as set forth in claim 14, wherein the second 
group of plain text and obfuscated cells of programming instructions 
is equipped to verify that execution of the second group of plain text 
and obfuscated cells of programming instructions is not being 
observed. 

16. The apparatus as set forth in claim 12, wherein the storage 
medium further having stored therein a second group of plain text 
and obfuscated cells of programming instructions designed to 
implement a secrets holder that holds a plurality of secrets 
associated with playing the scrambled contents. 

17. The apparatus as set forth in claim 16, wherein the second 
group of plain text and obfuscated cells of programming instructions 
is equipped to verify that execution of the second group of plain text 
and obfuscated cells of programming instructions is not being 
observed. 

18. An apparatus comprising: 

a storage medium having stored therein a first group of plain 
text and obfuscated cells of programming instructions designed to 
implement a secrets holder that holds a plurality of secrets 
associated with playing scrambled contents; and 

an execution unit coupled to the storage medium for executing 
the programming instructions. 

19. The apparatus as set forth in claim 18, wherein the first group 
of plain text and obfuscated cells of programming instructions is 
equipped to verify that execution of the first group of plain text and 
obfuscated cells of programming instructions is not being observed. 

20. The apparatus as set forth in claim 19, wherein the storage 
medium further having stored therein a second group of plain text 
and obfuscated cells of programming instructions that implement an 
authenticator that provides appropriate authentication challenges to 
a scrambled content provider device, and generates appropriate 
authentication responses to authentication challenges from the 
scrambled content provider device. 

21. The apparatus as set forth in claim 20, wherein the second 
group of plain text and obfuscated cells of programming instructions 
is equipped to verify that execution of the second group of plain text 
and obfuscated cells of programming instructions is not being 
observed. 

22. An apparatus comprising: 

a storage medium having stored therein a first group of plain 
text and obfuscated cells of programming instructions designed to 
implement an authenticator that provides appropriate authentication 
challenges to a scrambled content provider device, and generates 
appropriate authentication responses to authentication challenges 
from the scrambled content provider device; and 

an execution unit coupled to the storage medium for executing 
the programming instructions. 

23. The apparatus as set forth in claim 22, wherein the second 
group of plain text and obfuscated cells of programming instructions 
is equipped to verify that execution of the second group of plain text 
and obfuscated cells of programming instructions is not being 
observed. 

24. A method comprising: 

a) executing a first group of plain text and obfuscated cells of 
programming instructions to perform integrity verification on a 
plurality of plain text programming instructions designed to decode 
descrambled content; and 

b) executing a second group of plain text and obfuscated cells 
of programming instructions to store a plurality of secrets associated 
with descrambling scrambled content if integrity of the plurality of 
plain text programming instructions is verified in (a). 

25. The method of claim 24, wherein each of (a) and (b) includes 
determining if execution of the first/second group of plain text and 
obfuscated cells of programming instructions is being observed. 

26. The method of claim 24, wherein the method further 
comprises (c) executing a third group of plain text and obfuscated 
cells of programming instructions to provide appropriate 
authentication challenges to a scrambled content provider device, 
and to provide appropriate responses to authentication challenges of 
the scrambled content provider device. 

27. The method of claim 26, wherein each of (a), (b) and (c) 
includes determining if execution of the first/second/third group of 
plain text and obfuscated cells of programming instructions is being 
observed. 

28. The method of claim 24, wherein the method further 
comprises (d) executing a fourth group of plain text and obfuscated 
cells of programming instructions to descramble scrambled content 
to generate the descrambled content if authentication with the 
scrambled content provider device is successful in (c). 

29. The method of claim 28, wherein each of (a), (b), (c) and (d) 
includes determining if execution of the first/second/third/fourth 
group of plain text and obfuscated cells of programming instructions 
is being observed. 

30. The method of claim 28, wherein (d) includes determining if 
an invocation of the fourth group of programming instructions is 
originated from an intruder. 

31. The method of claim 28, wherein the method further includes 
(e) executing the plurality of plain text programming instructions to 
decode the descrambled content. 